EMBEDDING CYBERSECURITY RISK MANAGEMENT INTO INFORMATION SYSTEMS GOVERNANCE: A NATIONAL-SCALE FRAMEWORK FOR ORGANIZATIONAL RESILIENCE, ECONOMIC STABILITY, AND CRITICAL INFRASTRUCTURE PROTECTION
Abstract
This paper investigates how integrating cybersecurity risk management into Information Systems (IS) governance enhances organizational resilience. As technology becomes more central to operations and cyber threats grow in complexity, organizations face increasing difficulty in maintaining secure operations. Drawing on systems theory, the study presents a holistic framework that aligns business objectives with IT strategy and stresses the need for a resilient, adaptable cybersecurity posture. The research is based on a comprehensive review of current cybersecurity literature, existing frameworks, and industry practice, and offers organizations a practical guide to managing cyber risk. The proposed Cybersecurity Resilience Framework combines governance principles, continuous monitoring, stakeholder engagement, and human behavioral factors into a single approach. Results indicate that organizations using automated detection systems achieve an average response time of 20 minutes, compared with 31 minutes for those relying on manual detection; they also report less operational downtime (4 hours versus 6 hours) and lower financial impact ($150,000 versus $250,000). Organizations adhering to established frameworks such as NIST and ISO showed improved threat detection rates (over 80%) and a notable reduction in financial losses (around 20%). An analysis of Return on Security Investment (ROSI) found that organizations investing strategically in cybersecurity realized significant cost savings, with ROSI values ranging from 28% to 61%, and their Cybersecurity Effectiveness Scores (CES) reflected strong operational readiness in threat detection and response. Overall, the framework offers organizations a robust strategy for navigating a dynamic threat landscape while maintaining business continuity.